OpenPGP card issues

David Lorch david.lorch at gmx.de
Sat Jan 22 16:57:37 CET 2005


Hi,

I bought an OpenPGP smart card and generated new keys on it (using gpg
v1.4.0a).


I have three questions concerning this process:

1) During key generation, gpg says "signing failed: wrong secret key
used" -- this results in a non-self-signed user id in the new key.
(See full gpg output at the end of this email).

2) Apart from the card's PIN, the program also asks for a passphrase for
the new key. What use is this with a card key? I afterwards tried
signing a file with the card and was only asked for the card's PIN, not
for this passphrase?

3) During key generation, gpg asked whether to make an off-card backup
of the encryption key, which I told it to do.

Now I've got a file called "sk_[something].gpg" that contains the secret
encryption key in case I ever lose the card.

I would like to test this functionality before I rely on it, so I told
gpg to import the file; however, this fails:


gpg: key [mynewkeyid]: no user ID
gpg: Total number processed: 1
gpg:       secret keys read: 1


I cannot get gpg to import the backup of my secret encryption subkey.
This especially worries me because I really want a working backup of the
encryption key.



Can anyone tell me what I have done wrong?

Thanks in advance,

David




=================================================================
full gpg output follows
=================================================================


Command> generate
Make off-card backup of encryption key? (Y/n) y

gpg: DBG: asking for PIN 'PIN'

PIN
Please specify how long the key should be valid.
          0 = key does not expire
       <n>  = key expires in n days
       <n>w = key expires in n weeks
       <n>m = key expires in n months
       <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the
user ID from the Real Name, Comment and Email Address in this form:
     "Heinrich Heine (Der Dichter) <heinrichh at duesseldorf.de>"

Real name: Testing
Email address: testing at example.org
Comment: card-key-01
You selected this USER-ID:
     "Testing (card-key-01) <testing at example.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: 3 Admin PIN attempts remaining before card is permanently locked
gpg: DBG: asking for PIN '|A|Admin PIN'

Admin PIN
gpg: please wait while key is being generated ...
gpg: key generation completed (21 seconds)
gpg: signing failed: wrong secret key used
gpg: make_keysig_packet failed: wrong secret key used
You need a Passphrase to protect your secret key.

+++++
.+++++
gpg: NOTE: backup of card key saved to
`[gnupgdir]\sk_02084506A612DA19.gpg'
gpg: signatures created so far: 0
gpg: signatures created so far: 0
gpg: please wait while key is being generated ...
gpg: key generation completed (58 seconds)
gpg: signatures created so far: 2
gpg: signatures created so far: 2
gpg: key 133C3BF9 marked as ultimately trusted
public and secret key created and signed.

pub   1024R/133C3BF9 2005-01-22
       Key fingerprint = 66CA 95CF 4D2C 00F2 05E3  86AE C514 9E94 133C 3BF9
uid                  Testing (card-key-01) <testing at example.org>
sub   1024R/A612DA19 2005-01-22
sub   1024R/93456831 2005-01-22

=================================================================
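Added example, not part of the post above and not GnuPG's own code: a small parser for OpenPGP packet headers that reports what a binary sk_<keyid>.gpg backup file actually holds, so the "no user ID" import failure can be checked against the file's contents (whether it is only a secret subkey packet with no primary key and no user ID packet). The sample byte strings are constructed dummies, not real key material.

```python
# Added example (not from the original post): a minimal OpenPGP packet header
# parser (RFC 4880 sec. 4.2/4.3) to see what an sk_<keyid>.gpg backup holds.
# Sample bytes at the bottom are constructed dummies, not real key material.
PACKET_NAMES = {2: "signature", 5: "secret key", 6: "public key",
                7: "secret subkey", 13: "user id", 14: "public subkey"}

def parse_packets(data: bytes):
    """Return [(tag, body), ...] for a binary (non-armored) OpenPGP stream."""
    packets, pos = [], 0
    while pos < len(data):
        ctb, pos = data[pos], pos + 1
        if not ctb & 0x80:
            raise ValueError(f"bad packet header at offset {pos - 1}")
        if ctb & 0x40:  # new-format header: tag in the low 6 bits
            tag, first, pos = ctb & 0x3F, data[pos], pos + 1
            if first < 192:
                length = first
            elif first < 224:  # two-byte length
                length, pos = ((first - 192) << 8) + data[pos] + 192, pos + 1
            elif first == 255:  # five-byte length
                length, pos = int.from_bytes(data[pos:pos + 4], "big"), pos + 4
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old-format header: tag in bits 2-5, length type in bits 0-1
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:  # indeterminate: packet runs to the end of the data
                length = len(data) - pos
            else:
                size = (1, 2, 4)[ltype]
                length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError(f"truncated packet at offset {pos}")
        packets.append((tag, body))
        pos += length
    return packets

def summarize(data: bytes):
    """Packet names plus two structural facts a transferable key needs
    (RFC 4880 sec. 11): it starts with a primary key and carries a user ID."""
    tags = [t for t, _ in parse_packets(data)]
    return {"packets": [PACKET_NAMES.get(t, f"tag {t}") for t in tags],
            "starts_with_primary": bool(tags) and tags[0] in (5, 6),
            "has_user_id": 13 in tags}

# Constructed: an old-format secret-subkey packet (tag 7, two-byte length)
# with a 4-byte dummy body, i.e. the shape of a subkey-only backup.
SUBKEY_ONLY = bytes([0x9D, 0x00, 0x04]) + b"\x04\x01\x02\x03"
# Constructed: the same stream with a new-format user ID packet (tag 13).
WITH_UID = SUBKEY_ONLY + bytes([0xC0 | 13, 7]) + b"Testing"
```

Run `summarize()` over the raw bytes of a backup file to see which packets it carries; an ASCII-armored file would need de-armoring first, since the parser reads binary packets only.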
